Class: Tablomat::IPTablesBase::Chain
- Inherits:
-
Object
- Object
- Tablomat::IPTablesBase::Chain
- Defined in:
- lib/tablomat/iptables/chain.rb
Overview
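The IPTables class is the interface to the iptables command. The Chain class documented on this page represents one chain inside a table: it builds the iptables command lines that create (-N), flush (-F), delete (-X), list (-nL) and set the policy (-P) of that chain and passes them to the system object's exec method.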
Instance Attribute Summary collapse
-
#active ⇒ Object
readonly
Returns the value of attribute active.
-
#name ⇒ Object
readonly
Returns the value of attribute name.
-
#owned ⇒ Object
Returns the value of attribute owned.
-
#rules ⇒ Object
readonly
Returns the value of attribute rules.
-
#table ⇒ Object
readonly
Returns the value of attribute table.
Instance Method Summary collapse
- #activate(override = false) ⇒ Object
- #append(data) ⇒ Object
- #apply_create ⇒ Object
- #apply_delete ⇒ Object
- #builtin? ⇒ Boolean
- #deactivate(override = false) ⇒ Object
- #delete(data) ⇒ Object
- #exists? ⇒ Boolean
-
#initialize(table, name, owned = true) ⇒ Chain
constructor
A new instance of Chain.
- #insert(data, pos) ⇒ Object
- #policy(action) ⇒ Object
- #rule(name, owned = true, &block) ⇒ Object
- #sethandling(name) ⇒ Object
- #update_rules_position ⇒ Object
Constructor Details
#initialize(table, name, owned = true) ⇒ Chain
Returns a new instance of Chain.
# File 'lib/tablomat/iptables/chain.rb', line 12
#
# Builds the in-memory representation of one chain of +table+.
#
# The chain starts inactive with an empty rule set and a default policy of
# 'ACCEPT'. If the owning table is already active, the chain is activated
# straight away.
#
# Security note: for an owned builtin chain, activation reaches apply_create,
# which writes @policy with `-P`. Unless #policy is used to change it, that
# value is the 'ACCEPT' assigned here, so wrapping a builtin chain whose
# kernel policy was stricter will relax it.
#
# @param table [Object] owning table; must respond to #system and #active
# @param name [String] chain name, later interpolated verbatim into iptables
#   command lines -- NOTE(review): no validation is visible here
# @param owned [Boolean] whether this object may activate/deactivate the chain
def initialize(table, name, owned = true)
  # Identity of the chain and the objects it talks to.
  @table = table
  @system = table.system
  @name = name
  @owned = owned

  # Mutable state: nothing is applied to the kernel yet.
  @policy = 'ACCEPT'
  @active = false
  @rules = {}
  @rules_sorted = []

  activate if table.active
end
Instance Attribute Details
#active ⇒ Object (readonly)
Returns the value of attribute active.
# File 'lib/tablomat/iptables/chain.rb', line 10
#
# Read-only accessor for the activation flag.
#
# The flag is set by #activate and cleared by #deactivate; it records what
# this object believes, not a fresh query of the kernel (see #exists? for
# that).
#
# @return [Boolean] true once the chain has been activated
def active
  @active
end
#name ⇒ Object (readonly)
Returns the value of attribute name.
# File 'lib/tablomat/iptables/chain.rb', line 10
#
# Read-only accessor for the chain name given to the constructor.
#
# The same value is interpolated, unquoted, into every iptables command line
# this class builds.
#
# @return [Object] the chain name exactly as it was passed in
def name
  @name
end
#owned ⇒ Object
Returns the value of attribute owned.
# File 'lib/tablomat/iptables/chain.rb', line 9
#
# Reader for the ownership flag.
#
# #activate and #deactivate return early for a chain that is not owned
# unless their +override+ argument is set, so this flag decides whether the
# object may touch the chain at all. Unlike the other attributes it is not
# documented as read-only.
#
# @return [Boolean] whether this object manages the chain's lifecycle
def owned
  @owned
end
#rules ⇒ Object (readonly)
Returns the value of attribute rules.
# File 'lib/tablomat/iptables/chain.rb', line 10
#
# Read-only accessor for the rule registry.
#
# #rule stores entries under the lower-cased rule description. The Hash
# itself is returned, not a copy, so callers can still mutate it.
#
# @return [Hash] rule objects keyed by lower-cased description
def rules
  @rules
end
#table ⇒ Object (readonly)
Returns the value of attribute table.
# File 'lib/tablomat/iptables/chain.rb', line 10
#
# Read-only accessor for the table this chain belongs to.
#
# @return [Object] the table object handed to the constructor
def table
  @table
end
Instance Method Details
#activate(override = false) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 92
#
# Marks the chain active and, for an owned chain, applies it to the system.
#
# Nothing happens when the chain is already active, or when it is neither
# owned nor overridden. With +override+ set only the in-memory flag changes:
# apply_create and activate_all_rules are skipped, so no iptables command is
# issued from this method.
#
# @param override [Boolean] flip the flag without touching the system
# @return [Object, nil] result of activate_all_rules, or nil on the
#   early-exit and override paths
def activate(override = false)
  return if @active || !(@owned || override)

  @active = true
  unless override
    # Create the chain (and push the policy for builtin chains) before any
    # rule is activated.
    apply_create
    activate_all_rules
  end
end
#append(data) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 66
#
# Adds a rule at the end of the chain's ordered rule list.
#
# The rule is looked up or created through #rule, pushed onto @rules_sorted
# and activated immediately when the chain itself is active.
#
# NOTE(review): #rule returns the existing object for a description it
# already knows, so appending the same description twice puts the same rule
# into @rules_sorted twice -- confirm that is intended.
#
# @param data [String, Hash] rule description, see #rule
# @return [Object] the rule object returned by #rule
def append(data)
  rule(data) do |entry|
    @rules_sorted.push(entry)
    entry.activate if @active
  end
end
#apply_create ⇒ Object
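# File 'lib/tablomat/iptables/chain.rb', line 114
#
# Creates the chain with `-N` if it is missing and, for builtin chains,
# applies the stored policy with `-P`.
#
# A failed creation is reported on stdout and otherwise ignored, so the
# caller continues as if the chain existed. The policy command is not
# rescued and propagates any exception raised by @system.exec.
#
# The exception is captured with `rescue => e` instead of read from
# $ERROR_INFO, which is only defined once the `English` library has been
# required; without it the message would be printed empty.
#
# Security notes:
# - @table.name, @name and @policy are interpolated unquoted.
#   NOTE(review): whether @system.exec hands the string to a shell is not
#   visible here; these values should come from trusted configuration or be
#   validated before they reach this class.
# - @policy is 'ACCEPT' unless #policy changed it, so activating an owned
#   builtin chain writes ACCEPT as its kernel policy.
#
# @return [Object, nil] result of the policy command for builtin chains,
#   nil otherwise
def apply_create
  unless exists?
    begin
      @system.exec "#{@system.iptables_bin} -t #{@table.name} -N #{@name}"
    rescue StandardError => e
      puts "Error: #{e}"
    end
  end

  # apply policy if builtin chain
  return unless builtin?

  @system.exec "#{@system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
end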
#apply_delete ⇒ Object
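# File 'lib/tablomat/iptables/chain.rb', line 130
#
# Flushes (`-F`) and then deletes (`-X`) the chain, unless it is builtin or
# does not exist.
#
# Failures are printed to stdout together with the command that was being
# run and are not re-raised, so a chain that could not be removed (for
# instance because the delete command failed) stays in place while the
# caller carries on.
#
# The exception is captured with `rescue => e` instead of read from
# $ERROR_INFO, which is only defined once the `English` library has been
# required; without it the message would be printed empty.
#
# NOTE(review): @table.name and @name are interpolated unquoted; whether
# @system.exec uses a shell is not visible here.
#
# @return [Object, nil] result of the last command, or nil when skipped or
#   when an error was printed
def apply_delete
  return unless exists? && !builtin?

  begin
    # Flush first, then remove the now-empty chain.
    command = "#{@system.iptables_bin} -t #{@table.name} -F #{@name}"
    @system.exec command
    command = "#{@system.iptables_bin} -t #{@table.name} -X #{@name}"
    @system.exec command
  rescue StandardError => e
    puts "Error removing chain #{command}, message: #{e}"
  end
end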
#builtin? ⇒ Boolean
# File 'lib/tablomat/iptables/chain.rb', line 151
#
# Tells whether this chain is one of the builtin chains of its table.
#
# The list comes from the system object's builtin_chains hash, looked up by
# the table name converted to a Symbol. The chain name is compared with
# include?, so it has to match an entry exactly.
#
# @return [Boolean] true when the table is listed and contains @name
def builtin?
  known_chains = @table.system.builtin_chains
  table_key = @table.name.to_sym
  known_chains.key?(table_key) && known_chains[table_key].include?(@name)
end
#deactivate(override = false) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 103
#
# Marks the chain inactive and, for an owned chain, deactivates its rules.
#
# Nothing happens when the chain is already inactive, or when it is neither
# owned nor overridden. With +override+ set only the in-memory flag changes.
#
# NOTE(review): #activate calls apply_create, but this method does not call
# apply_delete; whether the chain is removed from the system elsewhere is
# not visible here.
#
# @param override [Boolean] flip the flag without touching the rules
# @return [false, nil] false after a full deactivation, nil otherwise
def deactivate(override = false)
  permitted = @owned || override
  return unless permitted && @active

  @active = false
  unless override
    deactivate_all_rules
    # Assigned a second time, as in the original; it also makes the method
    # return false on this path.
    @active = false
  end
end
#delete(data) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 80
#
# Removes a rule from the chain.
#
# +data+ may be a Rule or anything #rule accepts. In the second case the
# rule is resolved through #rule, which registers a new Rule when the
# description is unknown, so an unknown description is created and then
# removed again. An active rule is deactivated first; afterwards it is
# dropped from the ordered list and every registry entry with the same
# description is deleted.
#
# @param data [Rule, String, Hash] the rule or its description
# @return [Hash] the rule registry after the deletion
def delete(data)
  target = data.is_a?(Rule) ? data : rule(data)
  target.deactivate if target.active
  @rules_sorted.delete(target)
  @rules.delete_if { |_key, candidate| candidate.description == target.description }
end
#exists? ⇒ Boolean
# File 'lib/tablomat/iptables/chain.rb', line 143
#
# Checks for the chain by listing it with `-nL`.
#
# Every StandardError raised by @system.exec is reported as "does not
# exist". NOTE(review): that makes a failure to run iptables at all
# indistinguishable from a missing chain; #apply_create then attempts a
# creation and #apply_delete skips the removal.
#
# NOTE(review): @table.name and @name are interpolated unquoted; whether
# @system.exec uses a shell is not visible here.
#
# @return [Boolean] true when the listing command ran without raising
def exists?
  @system.exec "#{@system.iptables_bin} -t #{@table.name} -nL #{@name}"
  true
rescue StandardError
  false
end
#insert(data, pos) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 56
#
# Places a rule at the 1-based position +pos+ of the ordered rule list.
#
# The rule is switched to the 'INSERT' method, stored at index pos - 1,
# the positions of the rules are renumbered by #update_rules_position and
# the rule is activated when the chain is active.
#
# NOTE(review): +pos+ is not range-checked. With pos = 0 the index is -1,
# which Array#insert treats as "after the last element"; a position past
# the end pads the list with nil, which #update_rules_position compacts
# away. Confirm callers never depend on either case for rule order.
#
# @param data [String, Hash] rule description, see #rule
# @param pos [Integer] 1-based target position
# @return [Object] the rule object returned by #rule
def insert(data, pos)
  rule(data) do |entry|
    entry.method = 'INSERT'
    entry.position = pos
    slot = pos - 1
    @rules_sorted.insert(slot, entry)
    update_rules_position
    entry.activate if @active
  end
end
#policy(action) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 24
#
# Sets the default policy of a builtin chain.
#
# The value is remembered in @policy and, when the chain is active, written
# to the system at once with `-P`. On an inactive chain it is only stored;
# apply_create applies it on activation.
#
# NOTE(review): +action+ is interpolated unquoted and is not compared with
# a list of valid targets here; whether @system.exec uses a shell is not
# visible, so validate the value before it reaches this method.
#
# @param action [String] policy target, e.g. 'ACCEPT'
# @return [Object, nil] result of @system.exec, or nil when inactive
# @raise [RuntimeError] when the chain is not builtin
def policy(action)
  # set policy as the last rule of the chain
  unless builtin?
    raise 'Unable to assign policy to non builtin chains, TODO: implement handling'
  end

  @policy = action
  @system.exec "#{@table.system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}" if @active
end
#rule(name, owned = true, &block) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 35
#
# Returns the rule registered for a description, creating it if needed.
#
# A Hash is turned into an option string of the form "--key value" joined
# by spaces; a :set key is first renamed by #sethandling. The registry key
# is the lower-cased string form of the description. The optional block is
# called with the rule.
#
# NOTE(review): two descriptions that differ only in letter case share one
# registry entry, so the second call returns the first rule instead of
# creating a new one. Confirm no case-sensitive value (a target chain or
# set name, for example) relies on the distinction.
#
# NOTE(review): keys and values are joined without quoting or validation;
# how Rule turns the string into a command line is not visible here.
#
# @param name [String, Hash] rule description or option hash
# @param owned [Boolean] passed to Rule.new for a newly created rule
# @yieldparam rule [Rule] the looked-up or newly created rule
# @return [Rule] the rule stored under the description
def rule(name, owned = true, &block)
  if name.is_a?(Hash)
    options = name.key?(:set) ? sethandling(name) : name
    name = options.map { |flag, value| "--#{flag} #{value}" }.join(' ')
  end

  key = name.to_s.downcase
  entry = @rules[key] || Rule.new(self, name, owned)
  @rules[key] = entry
  block&.call(entry)
  entry
end
#sethandling(name) ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 47
#
# Copies an option hash, storing the value of the :set key under :match.
#
# All other pairs are copied in their original order and the input hash is
# left untouched. #rule calls this before it renders the hash, so a :set
# option is emitted as "--match <value>".
#
# @param name [Hash] rule options
# @return [Hash] a new hash with :set replaced by :match
def sethandling(name)
  name.each_with_object({}) do |(option, value), renamed|
    target = option == :set ? :match : option
    renamed[target] = value
  end
end
#update_rules_position ⇒ Object
# File 'lib/tablomat/iptables/chain.rb', line 73
#
# Renumbers the positions of the active rules after the list has changed.
#
# nil entries are dropped from @rules_sorted first. Active rules are then
# counted from 1 in list order; a rule gets the new number only when its
# current position is not 0 and differs from it. Inactive rules are neither
# counted nor changed.
#
# @return [Array] the active rules that were examined
def update_rules_position
  @rules_sorted = @rules_sorted.compact
  active_rules = @rules_sorted.select(&:active)
  active_rules.each.with_index(1) do |entry, slot|
    # Position 0 is left alone; equal positions need no write.
    next if entry.position == 0 || entry.position == slot

    entry.position = slot
  end
end